HTTP/1.1's Fatal Flaw: Request Smuggling Attacks
2025-08-03

This article exposes a long-standing security vulnerability in the HTTP/1.1 protocol: request smuggling. By carefully crafting the Content-Length and Transfer-Encoding request headers, attackers can cause a server to misinterpret requests, which lets them take malicious control of websites and even bypass security measures to access sensitive resources. The vulnerability still affects a large number of websites, and security expert James Kettle will reveal more attack details and defense methods on August 6th.